I need to Disable/Enable a loaded device driver because the device "at times" when connected fails to load properly.
This device is controlled by the user and is POWERED AND UN-POWERED very frequently.
The program which needs to use the driver DETECTS a failure and needs to Disable/Enable which ALWAYS corrects the issue.
But using the SetupAPI methods causes the executable to require ADMIN rights (Windows 7 and Windows 10).
I'm not sure if I need to use "other" coding methods or if SIGNING the executable will remove the "requirement" to run as administrator?
Any ideas would be greatly appreciated.
The problem is that is any used can unload a driver, they'd be able to interfere with other users. Drivers are a shared resource.
"Signing" the executable makes a few warnings less scary but doesn't affect security.
Related
So, I am doing a small bit of research for my Google Admin. He and I were trying to figure out how to allow users under the domain to enable the singular flag for Chrome OS Dark Mode, upon request, without unblocking the entire chrome://flags address. He said that there is no way to do it without creating a script.
Anyway, to the point, is there any scripts out there for doing something similar? I can edit the code when I need to in order to make it exactly for what it needs to be, but I do not know what the code (or whatever it is) should be in order for a certain flag to be enabled properly.
Unfortunately, Chrome Management API has a limited management options to control Chrome OS devices. Upon checking specifically on Directory API that manages Chrome OS devices, you can only manage devices information (e.g. move a device to a different OU or update a device's Chrome OS version). Thus, it is not possible to use script for this, given that Chrome flags are experimental settings on Chrome.
I did some research and found a workaround by using command line flags (or "switches") where you can set to your Chrome OS devices to auto enable dark mode switch when user turn on the Chrome OS device. However, you need to put the device into dev mode, disable rootfs verification, and bring up a command prompt to be abe to do this method. Additionally, this also involves changing the file system of the device, which could be not ideal for your setup.
How can I hibernate a Windows machine that runs Windows 7 or 8 over my LAN from another PC?
Is there a WinAPI function for that? Or do I have to send special magic packets or something like this?
All I know is that PsShutdown.exe is able to do it (allegedly. I haven't tried it).
I don't want to use third party libraries and I also don't want to run a service on the computer that is supposed to get hibernated. I want to use the existing mechanism.
I'd also like to know if I need to change specific settings on the target computer.
I'm not sure if that's important, but shutdown /s /m \\ComputerName did not work on my target PC.
The TechNet document Restart or Shut Down a Remote Computer and Document the Reason describes the requirements to use the shutdown.exe command against a remote computer.
In order to use this feature, the Remote Registry service must be enabled on the remote computer.
Access to the Remote Registry or membership in the Administrators group on the remote computer is the minimum required to complete this procedure
To the best of my knowledge, the only way to remotely hibernate a machine is to use the same method that psshutdown does: copy an executable to the remote machine and install it as a system service.
The OpenSCManager API allows you to specify a target computer, and you can use the handle it returns to call CreateService and then StartService. The service can delete itself once it has done its work.
We wrote a Windows device driver to access our custom PCI card. The driver uses CreateFile to get a handle to the card.
We recently had trouble at one installation were the card appeared to stop working. We tried replacing the card (the replacement appeared not work either). The computer vendor replaced the motherboard and both cards still failed to work. We put the cards in a different computer and both worked fine.
We now have the computer at our office for examination. The Windows Device Manager lists our card in Other Devices as usual and says it's working fine. However, our driver initialization fails when it attempts to connect to the card.
We created a test version of our driver with some extra debugging and determined that CreateFile is failing. It returns INVALID_HANDLE_VALUE as it is supposed to on failure. GetLastError indicates the error is Access is Denied.
Since we're logged into the system as a local administrator, what can deny access to the device?
You may want to try with a "Checked" build of the Windows kernel. This is a debug build that has much more diagnostic information available through a debug channel. Last time I used one (years ago), the build was available on MSDN, but my info is possibly out of date.
This doesn't sound like a device driver, CreateFile() is only available in a regular Win32 app. That also matches the error, device drivers are not subjected to security restrictions like Win32 apps are.
Yes, you may have trouble opening handles to devices with CreateFile(). I think the user account at least needs to have SE_BACKUP_PRIVILEGE. There were also changes in Vista, review the CreateFile docs, section "Physical disks and volumes" for the rules. The best place to find security gurus that can show you how to edit the account privileges is a serverfault.com
What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?
More details:
Windows: XP or higher
Application: A basic Win32 app written in C/C++.
Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.
Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)
Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)
Thanks!
p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.
It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.
You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed winsock applications will be affected, so in your code you could have policys for what applications can go out and the like and disabled/enable on the fly. Now a determined person could find ways around this but it would be a pain.
That said this isn't trivial to do but the sample should get you most of the way there.
You cannot effectively or practically write your tool with only a user mode application.
What you need to write is a network I/O stack filter driver. This done by writing a Windows Driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.
On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.
In effect, you are writing a network firewall (more or less)
here are some links
Introduction to Winsock Kernel (WSK)
Windows Core Networking Blog
The Network Programming Interface Docs on MSDN
Note, your will likely need at least two components
Your driver
A Graphical application that a person can use to control your tool
If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.
A few notes:
You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
Be cognizant of performance.
Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
take a look at firewall sourcecodes
I want to have an application or service that is running that, on some schedule, can disable access to the internet for all applications except for specific ones.
I'm trying to create a filter that can be turned on or off under programmatic control. Not just IP addresses and ports, but I want to be able to block specific applications as well, much like Zone Alarm and other software firewalls let you block.
For example, iexplore.exe, skype.exe, firefox.exe, aim.exe. But still need to allow other applications to connect as needed.
It has to work on Vista as well as XP, but I kind of expect that the method will be different on each of those platforms.
Basically, the filter has to tie the network communication back to the executable that is making the request and then allow or deny it.
Update:
On Vista at least, it looks like I want to use filters in the ALE layers of the WFP.
On XP, I'm still looking for the best way to do it. Do I really need to be writing device drivers and dealing with kernel stuff? I'm just a lowly application developer. Kill me now.
Update 2:
Currently looking at the PfCreateInterface and related Pf* API's for pre-Vista systems.
You can change both Vista and XP's firewall policies dynamically using the INetFwAuthorizedApplications interface from the Windows Firewall API.
Also see this question.
You'll have to write a device driver that filters traffic based on the executable requesting the traffic.
by limiting its access to internet using firewall. go to firewall setting advanced tab (win 7)
and do that
I'm not sure, but I think you'd need to do it by getting the program to run as a user that has limited permissions, the question is, can you make a user account that stops such things?
You'll need to redirect all (or at least many) calls to the WinSock API functions of any running program to your own replacement functions. That means getting into the memory of each running program and hijacking those functions, which is an... interesting... exercise. :-)
That might be enough of a pointer to get you started, or at least to suggest some more specific questions to ask.
Could you move aside (ie rename) the system's winsock DLL and replace it with your own ?
Yours should provide the same API, but check the the process name of incoming requests... return an error code to blocked applications and forward the calls from allowed apps onto the real DLL.